# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Jiri Horner <laeqten@gmail.com>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=webkit2gtk
pkgver=2.28.4
pkgrel=0
pkgdesc="Portable web rendering engine WebKit for GTK+"
url="https://webkitgtk.org/"
arch="all !mips !mips64"
license="LGPL-2.0-or-later AND BSD-2-Clause"
depends="bubblewrap xdg-dbus-proxy dbus:org.freedesktop.Secrets"
makedepends="
	bison
	cmake
	enchant2-dev
	flex
	geoclue-dev
	gnutls-dev
	gobject-introspection-dev
	gperf
	gst-plugins-bad-dev
	gst-plugins-base-dev
	gstreamer-dev
	gtk+3.0-dev
	gtk-doc
	hyphen-dev
	icu-dev
	libgcrypt-dev
	libjpeg-turbo-dev
	libnotify-dev
	libpng-dev
	libseccomp-dev
	libsecret-dev
	libsoup-dev
	libwebp-dev
	libxml2-dev
	libxslt-dev
	libxt-dev
	mesa-dev
	openjpeg-dev
	openjpeg-tools
	pango-dev
	paxmark
	python3
	ruby
	samurai
	sqlite-dev
	woff2-dev
	ruby-json
	libwpe-dev
	libwpebackend-fdo-dev
	"
replaces="webkit"
options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found
subpackages="$pkgname-dev $pkgname-lang $pkgname-dbg"
source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz
	fix-fast-memory-disabled.patch
	musl-fixes.patch
	fix-openjpeg.patch
	lower-stack-usage.patch
	use-versioned-libwpe.patch
	"
builddir="$srcdir/webkitgtk-$pkgver"

# secfixes:
#   2.28.4-r0:
#     - CVE-2020-9862
#     - CVE-2020-9893
#     - CVE-2020-9894
#     - CVE-2020-9895
#     - CVE-2020-9915
#     - CVE-2020-9925
#   2.28.3-r0:
#     - CVE-2020-9802
#     - CVE-2020-9803
#     - CVE-2020-9805
#     - CVE-2020-9806
#     - CVE-2020-9807
#     - CVE-2020-9843
#     - CVE-2020-9850
#     - CVE-2020-13753
#   2.28.1-r0:
#     - CVE-2020-11793
#   2.28.0-r0:
#     - CVE-2020-10018
#   2.26.3-r0:
#     - CVE-2019-8835
#     - CVE-2019-8844
#     - CVE-2019-8846
#   2.26.2-r0:
#     - CVE-2019-8812
#     - CVE-2019-8814
#   2.26.1-r0:
#     - CVE-2019-8783
#     - CVE-2019-8811
#     - CVE-2019-8813
#     - CVE-2019-8816
#     - CVE-2019-8819
#     - CVE-2019-8820
#     - CVE-2019-8823
#   2.26.0-r0:
#     - CVE-2019-8625
#     - CVE-2019-8710
#     - CVE-2019-8720
#     - CVE-2019-8743
#     - CVE-2019-8764
#     - CVE-2019-8766
#     - CVE-2019-8769
#     - CVE-2019-8771
#     - CVE-2019-8782
#     - CVE-2019-8815
#   2.24.4-r0:
#     - CVE-2019-8674
#     - CVE-2019-8707
#     - CVE-2019-8719
#     - CVE-2019-8733
#     - CVE-2019-8763
#     - CVE-2019-8765
#     - CVE-2019-8768
#     - CVE-2019-8821
#     - CVE-2019-8822
#   2.24.3-r0:
#     - CVE-2019-8644
#     - CVE-2019-8649
#     - CVE-2019-8658
#     - CVE-2019-8666
#     - CVE-2019-8669
#     - CVE-2019-8671
#     - CVE-2019-8672
#     - CVE-2019-8673
#     - CVE-2019-8676
#     - CVE-2019-8677
#     - CVE-2019-8678
#     - CVE-2019-8679
#     - CVE-2019-8680
#     - CVE-2019-8681
#     - CVE-2019-8683
#     - CVE-2019-8684
#     - CVE-2019-8686
#     - CVE-2019-8687
#     - CVE-2019-8688
#     - CVE-2019-8689
#     - CVE-2019-8690
#     - CVE-2019-8726
#   2.24.2-r0:
#     - CVE-2019-8735
#   2.24.1-r0:
#     - CVE-2019-6251
#     - CVE-2019-8506
#     - CVE-2019-8524
#     - CVE-2019-8535
#     - CVE-2019-8536
#     - CVE-2019-8544
#     - CVE-2019-8551
#     - CVE-2019-8558
#     - CVE-2019-8559
#     - CVE-2019-8563
#     - CVE-2019-11070
#   2.22.7-r0:
#     - CVE-2018-4437
#     - CVE-2019-6212
#     - CVE-2019-6215
#     - CVE-2019-6216
#     - CVE-2019-6217
#     - CVE-2019-6227
#     - CVE-2019-6229
#   2.22.4-r0:
#     - CVE-2018-4372
#   2.18.4-r0:
#     - CVE-2017-7156
#     - CVE-2017-7157
#     - CVE-2017-13856
#     - CVE-2017-13866
#     - CVE-2017-13870
#   2.14.5-r0:
#     - CVE-2017-2350
#     - CVE-2017-2354
#     - CVE-2017-2355
#     - CVE-2017-2356
#     - CVE-2017-2362
#     - CVE-2017-2363
#     - CVE-2017-2364
#     - CVE-2017-2365
#     - CVE-2017-2366
#     - CVE-2017-2369
#     - CVE-2017-2371
#     - CVE-2017-2373

build() {
	local _archopt=
	case "$CARCH" in
		# disable _FORTIFY_SOURCE to work around:
		# cc1plus: out of memory allocating 65536 bytes after a total of 3131101184 bytes
		x86) CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE";;
		armhf|armv7|ppc64le|s390x) _archopt="-DENABLE_JIT=OFF";;
	esac

	# reduce memory usage on 32 bit
	# https://bugs.webkit.org/show_bug.cgi?id=199272
	export CXXFLAGS="$CXXFLAGS -g1"

	mkdir build
	cd build
	# disable gold usage since it can't find pthreads with it enabled
	cmake -GNinja \
		-DPORT=GTK \
		-DCMAKE_BUILD_TYPE=MinSizeRel \
		-DCMAKE_SKIP_RPATH=ON \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DLIB_INSTALL_DIR=/usr/lib \
		-DENABLE_GTKDOC=OFF \
		-DENABLE_GEOLOCATION=ON \
		-DENABLE_SAMPLING_PROFILER=OFF \
		-DENABLE_MINIBROWSER=ON \
		-DUSE_WPE_RENDERER=ON \
		-DUSE_WOFF2=ON \
		-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
		-DUSE_LD_GOLD=OFF \
		$_archopt \
		..
	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923476
	ninja JavaScriptCore-4-gir
	ninja
}

check() {
	ninja -C "$builddir"/build check
}

package() {
	DESTDIR="$pkgdir" ninja -C "$builddir"/build install
	# needed for JIT
	paxmark -m "$pkgdir"/usr/libexec/webkit2gtk-4.0/WebKitWebProcess
}

sha512sums="227cd4066235180521a32a83d3a906212adf4f234f15a1fff4ac86b48e39c431f1e0cb4a56f62924015099a0c8909a73a21a56f8dc71a16c53ac65de4a5773a1  webkitgtk-2.28.4.tar.xz
e1537b9937af1cb936669d405993a52204cb9968b8b3161cb12a3f3f1343c260088c9490fcd7a7deeab6dbabdb5f7ce7e6cb2f857b9f0a4205aba6db2b11fb20  fix-fast-memory-disabled.patch
4c0093e4a38c8ceb3ac92b94539ec1417241814a84abd157442f53f710ecbaf9c2345e258b8ad86d5e0908cacbfca6cad28dedd11c127756b65428f359ba9fcc  musl-fixes.patch
c517c012f5630ef6be5be7d9592c5e042a070f849a141859edefa7984acb98dbd0d718fe6613cd35ba3b7d8530beebcc7408fd077cd914ed335c5e524e9e746a  fix-openjpeg.patch
7d883fc35d0c6bfaa6bff8e9dbcaeaa9b7d7322852e874d8acc78d41a5aad5595650ec62444048e43aa349471cb16e5aed29e684207fc8d3421030e878ba1fa9  lower-stack-usage.patch
82540900a7117e56336fd320692bf4201047a1473050ff3722ba89623551d50925d9e3dde816ed38bfe2145397362ad7eec50332cb53822250c71eea65ec51f0  use-versioned-libwpe.patch"
